projects / OpenSPARC-T2-SAM / blame
| Commit | Line | Data |
|---|---|---|
| 920dae64 AT |
1 | \ ========== Copyright Header Begin ========================================== |
| 2 | \ | |
| 3 | \ Hypervisor Software File: security.fth | |
| 4 | \ | |
| 5 | \ Copyright (c) 2006 Sun Microsystems, Inc. All Rights Reserved. | |
| 6 | \ | |
| 7 | \ - Do no alter or remove copyright notices | |
| 8 | \ | |
| 9 | \ - Redistribution and use of this software in source and binary forms, with | |
| 10 | \ or without modification, are permitted provided that the following | |
| 11 | \ conditions are met: | |
| 12 | \ | |
| 13 | \ - Redistribution of source code must retain the above copyright notice, | |
| 14 | \ this list of conditions and the following disclaimer. | |
| 15 | \ | |
| 16 | \ - Redistribution in binary form must reproduce the above copyright notice, | |
| 17 | \ this list of conditions and the following disclaimer in the | |
| 18 | \ documentation and/or other materials provided with the distribution. | |
| 19 | \ | |
| 20 | \ Neither the name of Sun Microsystems, Inc. or the names of contributors | |
| 21 | \ may be used to endorse or promote products derived from this software | |
| 22 | \ without specific prior written permission. | |
| 23 | \ | |
| 24 | \ This software is provided "AS IS," without a warranty of any kind. | |
| 25 | \ ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, | |
| 26 | \ INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A | |
| 27 | \ PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN | |
| 28 | \ MICROSYSTEMS, INC. ("SUN") AND ITS LICENSORS SHALL NOT BE LIABLE FOR | |
| 29 | \ ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR | |
| 30 | \ DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN | |
| 31 | \ OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR | |
| 32 | \ FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE | |
| 33 | \ DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, | |
| 34 | \ ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, EVEN IF | |
| 35 | \ SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. | |
| 36 | \ | |
| 37 | \ You acknowledge that this software is not designed, licensed or | |
| 38 | \ intended for use in the design, construction, operation or maintenance of | |
| 39 | \ any nuclear facility. | |
| 40 | \ | |
| 41 | \ ========== Copyright Header End ============================================ | |
| 42 | id: @(#)security.fth 1.13 01/04/06 | |
| 43 | purpose: Implements Open Boot security feature (passwords) | |
| 44 | copyright: Copyright 1990-2001 Sun Microsystems, Inc. All Rights Reserved | |
| 45 | ||
| 46 | \ The security variables are placed at a fixed location to | |
| 47 | \ prevent them from being changed when a new PROM is released. | |
| 48 | \ An area near the start of EEPROM is reserved for them. | |
| 49 | ||
| 50 | unexported-words | |
| 51 | : legal-passwd-char? ( char -- flag ) bl h# 7e between ; | |
| 52 | ||
| 53 | 8 buffer: pwbuf0 | |
| 54 | 8 buffer: pwbuf1 | |
| 55 | : get-password ( adr -- adr len ) | |
| 56 | 0 begin ( adr len ) | |
| 57 | key dup linefeed <> over carret <> and | |
| 58 | while ( adr len char ) | |
| 59 | 2dup legal-passwd-char? swap 8 < and if ( adr len char ) | |
| 60 | >r 2dup + r> swap c! ( adr len ) | |
| 61 | 1+ ( adr len ) | |
| 62 | else ( adr len char ) | |
| 63 | drop beep ( adr len ) | |
| 64 | then ( adr len ) | |
| 65 | repeat ( adr len char ) | |
| 66 | drop cr | |
| 67 | ; | |
| 68 | ||
| 69 | exported-headerless | |
| 70 | \ used by the keyboard support package | |
| 71 | : security-on? ( -- flag ) \ flag true if command or full security | |
| 72 | security-mode 1 2 between ( on? ) | |
| 73 | security-password dup 0<> -rot ( ok? ) | |
| 74 | bounds ?do i c@ legal-passwd-char? and loop | |
| 75 | and ( flag ) | |
| 76 | ; | |
| 77 | ||
| 78 | \ the bootparam package requires this. | |
| 79 | ||
| 80 | : password-okay? ( -- good-pw? ) | |
| 81 | security-on? if | |
| 82 | ??cr ." Firmware Password: " | |
| 83 | pwbuf0 get-password security-password ( adr,len1 adr,len2 ) | |
| 84 | compare 0= if true exit then ( ) | |
| 85 | ." Sorry. Waiting 10 seconds." cr | |
| 86 | security-#badlogins 1+ to security-#badlogins | |
| 87 | lock[ d# 10.000 ms ]unlock | |
| 88 | false exit | |
| 89 | then true | |
| 90 | ; | |
| 91 | ||
| 92 | exported-headers | |
| 93 | \ Required to make sure users know that set-defaults doesn't change | |
| 94 | \ security settings. | |
| 95 | overload: set-defaults ( -- ) | |
| 96 | security-on? if | |
| 97 | ." Note: set-defaults does not change the security fields." cr | |
| 98 | then | |
| 99 | set-defaults | |
| 100 | ; | |
| 101 | ||
| 102 | : password ( -- ) | |
| 103 | ." New password (8 characters max) " pwbuf0 get-password ( adr len ) | |
| 104 | ||
| 105 | ." Retype new password: " pwbuf1 get-password ( adr len adr len ) | |
| 106 | ||
| 107 | 2over $= if ( adr len ) | |
| 108 | ['] security-password ( adr len apf ) | |
| 109 | 3dup encode ( adr len apf true|adr len false ) | |
| 110 | if | |
| 111 | 3drop ( ) | |
| 112 | ." Invalid string - password unchanged" cr | |
| 113 | else | |
| 114 | 2drop set ( ) | |
| 115 | then | |
| 116 | else | |
| 117 | 2drop ( ) | |
| 118 | ." Mismatch - password unchanged" cr | |
| 119 | then | |
| 120 | ; | |
| 121 | ||
| 122 | unexported-words | |
| 123 | ||
| 124 | : (?permitted) ( adr len -- adr len ) | |
| 125 | source-id if exit then \ Apply security only to interaction | |
| 126 | 2dup " go" $= if exit then | |
| 127 | 2dup " boot" $= if exit then | |
| 128 | password-okay? 0= abort" " | |
| 129 | ; | |
| 130 | ||
| 131 | unexported-words | |
| 132 | : first-prompt ( -- ) help-msg ['] (prompt) is prompt do-prompt ; | |
| 133 | ||
| 134 | : secure-help-msg ( -- ) | |
| 135 | ??cr ." Type boot , go (continue), or login (command mode)" cr | |
| 136 | ; | |
| 137 | ||
| 138 | : secure-prompt ( -- ) ??cr ." > " ; | |
| 139 | ||
| 140 | : first-secure-prompt ( -- ) | |
| 141 | secure-help-msg ['] secure-prompt is prompt do-prompt | |
| 142 | ; | |
| 143 | ||
| 144 | : secure ( -- ) | |
| 145 | ['] first-secure-prompt is prompt | |
| 146 | ['] (?permitted) is ?permitted | |
| 147 | [ also hidden ] true is deny-history? [ previous ] | |
| 148 | ; | |
| 149 | ||
| 150 | : unsecure ( -- ) | |
| 151 | ['] prompt behavior ['] (prompt) <> if | |
| 152 | ['] first-prompt is prompt | |
| 153 | then | |
| 154 | ['] noop is ?permitted | |
| 155 | [ also hidden ] false is deny-history? [ previous ] | |
| 156 | ; | |
| 157 | ||
| 158 | exported-headerless | |
| 159 | ||
| 160 | : (?secure) ( -- ) security-on? if secure else unsecure then ; | |
| 161 | ||
| 162 | ' (?secure) to ?secure | |
| 163 | ||
| 164 | exported-headers | |
| 165 | ||
| 166 | alias login unsecure | |
| 167 | alias logout ?secure | |
| 168 | ||
| 169 | unexported-words |